Open BernaldoPenasAntelo opened 4 years ago
OSSEC's regex isn't a full PCRE implementation.
Well ... knowing that ... do i have any options to know exactly whats implemented ... or i have to test everithing in order to know if it's going to work. What i want to say is ... it's there any detailed documentation about how to use this implementation of the library and it's limitations?
Following the docs, with the newest version of ossec running, i'm triying to create a custom rule with this expresion
I'm following the pcre2 syntax, but no matchings when i run my tests (i have used diferent online regexp engines and verify that the regexp it's correct and may verify my tests)
To test it i use the binary ossec-regex and get:
It give me no results, nothing happens.
I have tested that the binnary works
What i'm doing wrong, any help will be useful.
Thanks in advance.